A few weeks ago I posted a quick one-question survey on threat and compromise detection. I asked “Imagine that you have clearly identified top 3 critical information assets (systems, documents, databases, etc) that your organization has, what is your confidence level that you will detect a compromise of one of these assets by a malicious party within 7 days from the compromise event?”
Here is what came out:
Total responses: 85
Comments? Here are a few:
- If you laser-focus your detection defenses [on just top 3 assets, in this example], you can actually score a WIN. Reduce what you watch – and win!
- It seems that this survey was phrased in a way to really summon the spirit of optimism in security. Those voting “<50% chance to detect” were in the minority [44.7% of you] while “>50% chance to detect” [55.2% of the respondents] were in the majority. Rejoice, security community!
- I was 100% sure that nobody would answer “100% sure to detect”, yet some did. Sure, you can hypothesize that those are all vendors, but maybe not: I think if you have only 3 eggs in your “critical eggs” basket, you CAN watch it really well and gain surety of detection…
- Still, “<5%” has a spike. Think about it. This is the domain of the appropriately paranoid and/or severely under-resourced, IMHO.
There you have it – have fun with it! More one-question polls coming soon.